Skip to content

Latest commit

 

History

History

vulnerable-tomcat

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
spring-war
spring-war
 
 
.dockerignore
.dockerignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
spring-form.war
spring-form.war
 
 
spring4shellapplication.png
spring4shellapplication.png
 
 

README.md

Example of a spring4shell vulnerable Tomcat application

spring4shellapplication

Example (Docker)

Prebuilt image availible at Docker Hub

An example of a vulnerable Tomcat application + server.

War files built from /spring-war folder. (It is recommended to build your own war files but i have provided one based on https://spring.io/guides/gs/handling-form-submission/)

Build

Building the docker version of the vunurable application, you can build your own war files.

Building your own war file

You can use the provided spring-form.war or build your own

Prerequisites (Only if building your own war files)

  • Java
  • Java JDK (I have only tested with JDK 18)
  • Maven
cd spring-war
mvn clean package
cd target
mv spring-form.war ../../ # Linux move the war file to vunerable-tomcat
move spring-form.war ../../ # Windows
cd ../../

Building and starting the docker container

docker build -t vulnerable-tomcat .
docker run -it --rm -p 8888:8080 vulnerable-tomcat

Wait about 20 seconds for the server to start. Then run the exploit script.

python3 poc.py --url http://<dockerip>:8888/spring-form/greeting
#or docker variant
docker pull ghcr.io/bobtheshoplifter/spring4shell-poc:main
docker run ghcr.io/bobtheshoplifter/spring4shell-poc:main --url http://<dockerip>:8888/spring-form/greeting

If all goes well you should see something simular to this!

image

Example (Manual/Old)

Found intresting poc here : https://github.com/craig/SpringCore0day/blob/main/exp.py [^1]. & https://twitter.com/vxunderground/status/1509170582469943303

https://github.com/reznok/Spring4Shell-POC - Docker, POC